On Fri, 27 Oct 2006 08:53:00 -0400, stuartv wrote
>
> working on it). The reason we run AV at the border AND on the
> inside boxes is quite simply that I have seen way too many times in
> my career a virus be ignored by one AV package but caught by
> another. Security is a must where I work and the added protection

Good point.

> Running anti-malware software on border machines, such as SMTP
> servers, proxies, etc. is an important countermeasure for network
> wide infection.
>
> It's very much possible to have an outdated or undefended node in the
> network but in border defense line, that's not the case.

On a border server, I wouldn't recommend ClamAV or any antivirus
software. ClamAV has had many vulnerabilities, some of them remotely
exploitable. And it's not just the antivirus software you have to keep
up-to-date, but all the other software that is required to make it
function, like the software that transports the email from the email
server to the antivirus software and back again.

b = ClamAV or any antivirus product that checks for viruses in email on
    some server
w = any antivirus software that runs on the users' Windows computer,
    such as Norton Antivirus

Assume b and w are always updated.

Protect email?
b = yes
w = yes

Protect users from malicious websites?
b = no
w = yes

Protect from infected media, like floppy, CD, DVD, or USB drive?
b = no
w = yes

Put load on server?
b = yes
w = no

Protect files that have managed to be distributed by any other means
other than email?
b = no
w = yes

Protect laptop users who take their laptops off the company site?
b = no
w = yes

Protect a network from an infected laptop?
b = no
w = yes

Protect users who use file-sharing programs like BitTorrent or Kazaa?
b = no
w = yes

If b or w stopped working, would users still get their email?
b = very possibly no
w = very possibly yes

With all the complexity that b needs in comparison to w, I'd rather
just stick with w (KISS: keep it simple, stupid). But you do bring up a
good point, security in layers and one software doesn't catch
everything.